Reading an entry from elav I remembered that in a forum someone asked for help as their system was slow, some of the solutions focused on processes.
The main states of the processes in Linux are:
Sleeping : Processes that are waiting their turn to execute.
Running(R) : Processes that are running.
Waiting(D) : Processes waiting for an Entry / Exit operation to be completed.
Zombie (Z) : Processes that have ended but continue to appear in the process table. They can be caused by programming errors and can be a symptom of a slow or problem-causing system.
A Zombie process is one that never received a signal from the parent process that created it, a child process is one that has its origin in a higher level process known as the parent process that is in charge of sending the signals to the child processes generated by it to indicate that their life span has ended.
They can be caused by programming errors and can be a symptom of a slow or problem-causing system. This situation usually occurs, also because some configuration was not contemplated by the developer.
In Wikipedia you can read more about these processes.
Executing the top command we can see in real time the processes that are being executed in the system, and it will indicate if there are any in a zombie state, but it does not indicate which one is.
To see all the processes, type in the terminal: ps to, and to see only the zombies: ps -el | grep 'Z'o ps -A -ostat, ppid, pid, cmd | grep -e '^ [Zz]'
alf @ Alf ~ $ ps -A -ostat, ppid, pid, cmd | grep -e '^ [Zz]'
Z 1945
If, when listing the processes, one appears with a Z status, it means that it is a zombie, which in turn means that the application is not well solved or has bugs, knowing its PID can be eliminated by executing a command similar to, in the terminal, in this example:
alf @ Alf ~ $ kill-9 1945
When you have many zombie processes or at least more than one, you can use the following command that kills them, it only works for that, if you run it without having zombie processes nothing will happen:
alf @ Alf ~ $ sudo kill -HUP `ps -A -ostat, ppid, pid, cmd | grep -e '^ [Zz]' | awk '{print $ 2}' ''
regards
🙁
Thanks, very good contribution, I am going to save the commands to make periodic checks.
Thanks, nice article.
A couple of clarifications regarding your article:
The term "Zombie process" is technically inappropriate and those of us who have a little experience with GNU / Linux should avoid using it since there is no process running in itself, but it is only a reference to a process that no longer exists in the system and he did not release his identifier.
A "zombie process" is actually the entry in the mapping table of the process identifier (process descriptor), just that, so it does not consume resources beyond a few bytes of memory that the system uses to keep track of the process table.
The only problem that there may be with ghost (or zombie) registry descriptors is that if they spawn too fast they could theoretically occupy the entire process descriptor allocation table leaving the system without space for new records so it would potentially be impossible to run new programs -that record their processes- eventually hanging the machine.
However, this is almost impossible to happen since in 32-bit systems there are 32767 spaces to register processes (rarely or never used) and twice that in a 64-bit system.
The only way to make a system crash with dead processes badly removed is to create the processes and kill them quickly without correctly cleaning the process descriptor (that is, creating "zombie processes") but, let's face it, if someone wants to hang a system there are much more direct ways than that. to start creating new processes quickly in an exponential way that jam the system and hang it; one of the ways to achieve this with a fork bomb:
: () {: |: &} ;:
You can make the system relatively resistant to a fork bomb by configuring /etc/security/limits.conf correctly, although it must be taken into account that the more we limit the possibility of creating new processes, we will be able to run fewer applications concurrently on our system. However, it is a valid tool for all paranoid sysadmin who want to have a very fine control over their systems!
This article has good info on invalid process descriptors:
http://www.howtogeek.com/119815/htg-explains-what-is-a-zombie-process-on-linux/
And in this there is a clear explanation on how a fork bomb works: http://stackoverflow.com/questions/991142/how-does-this-bash-fork-bomb-work
Salu2
msx: «The term“ Zombie process ”is technically inappropriate and those of us who have a little experience in GNU / Linux should avoid using it…» Ha ha ha. There is only something greater than your pride: your bad taste. Hey, what you did is in bad taste, if you want to give a lecture, get one at the faculty, or put your own blog and write what you want, but coming here to correct the flat to good Alf is really in bad taste.
The truth seemed to me a quite interesting comment. Much more than the post
thank you very interesting.
excellent article thanks
msx
«The term“ Zombie process ”is technically inappropriate and those of us who have a little experience in GNU / Linux should avoid using it»
We will have to notify the developers, since as you will see, the term zombie is also used, there I read it on the console.
regards
Congratulations, very good article, I had always had doubts that they were the PZs but I had never had time to investigate, now I go to the page and I come across the answer thanks …….
In KDE with control + escape system activities go out and we can kill those zombies quickly.
A correction, it is a ZOMBIE not a ZOMBIE process
Zombie is in english
Zombi in spanish
Luxury, thank you !.
First, the term zombie process seems totally correct. Also the term is the least important.
The point is that as msx indicates, and the same wikipedia (I read the article) the zombie process is really dead.
«When a process ends, all its memory and resources associated with it are dereferenced, so that they can be used by other processes. Anyway, the process entry in the process table still remains »
That is, the process is no longer taking up system resources, therefore the load on the system is minimal, as explained by msx.
However, the only thing it has is an invalid entry in the process table ... which, if there are thousands of them, maybe it would be a load (after all, the processor has to read the process table and it would read a lot of useless information) in addition to reflecting bad programming practices (someone is making poorly made applications).
But in itself the explanation of the post is not so correct and the correct one would be the one given by msx.